IIS only serve requests with hostnames

Solution 1:

You can use the Url Rewrite feature of IIS to do that :

  1. Open the URL Rewrite feature :

URL Rewrite in IIS

  1. Add a rule of type "Request blocking" : enter image description here

  2. Block the requests based on host name :

If you know your IP address, you can use it to block requests which use it : enter image description here

Or you can block all requests which are not using the domain name : enter image description here

Hope this helps (It took me ages to find that).

Please note that I have no idea of the performance overhead of this usage.

Solution 2:

This is, frankly, beneath caring about, however...

  1. Set up the default site on the server to point to a blank directory, or static files, or something you don't care about getting hammered by "malicious scanners". [booga booga]
  2. Don't map any blank host headers to your sites in IIS.

Tags:

Security

Iis

Filtering

Recent Posts